fix: consistent case-insensitive email check in GET /projects/:projectId

🟢 open · #79 · willchen96/mike ← bmersereau/mike · opened 14d ago by bmersereau · +1,349 -24 across 7 files

From the PR description

Summary

  • GET /projects/:projectId was using a case-sensitive Array.includes() to check shared_with, while every other access check is case-insensitive; this denied access to legitimate shared users whose stored email had different casing
  • GET /projects list query was using the raw (un-normalized) user email in the shared_with contains filter, also causing missed results for mixed-case emails
  • POST /projects was storing shared_with emails without normalization; PATCH already normalized - now both are consistent
  • Extracted normalizeSharedWith and emailInSharedWith helpers to a new projectAccess.ts module for reuse and testability

Closes #70 Closes #85 Closes #93

Changes

  • backend/src/lib/projectAccess.ts - new normalizeSharedWith and emailInSharedWith helpers
  • backend/src/routes/projects.ts - GET list query uses normalized email; GET access check uses emailInSharedWith; POST normalizes shared_with via normalizeSharedWith
  • backend/src/lib/__tests__/projectEmailNormalization.test.ts - 8 unit tests

Test plan

  • Unit tests: lowercase, dedup, drop empties, case-insensitive lookup, null/undefined email
  • Build and typecheck pass
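
Added example, not the code from this PR: a sketch of how helpers named normalizeSharedWith and emailInSharedWith could behave, next to the exact-match Array.includes() lookup the description says was replaced. The signatures, the whitespace trimming and the sample addresses are assumptions.

```typescript
// Added illustration. Signatures and the trim step are assumptions; this is
// not the content of backend/src/lib/projectAccess.ts.
type MaybeEmail = string | null | undefined;
type MaybeList = ReadonlyArray<MaybeEmail> | null | undefined;

// Lowercase, trim, drop empties, de-duplicate (first-seen order preserved).
function normalizeSharedWith(emails: MaybeList): string[] {
  const out: string[] = [];
  for (const raw of emails ?? []) {
    if (typeof raw !== "string") continue;
    const e = raw.trim().toLowerCase();
    if (e !== "" && out.indexOf(e) === -1) out.push(e);
  }
  return out;
}

// Case-insensitive membership test; a missing or empty email never matches,
// so an unauthenticated/undefined identity cannot pass the check by accident.
function emailInSharedWith(email: MaybeEmail, sharedWith: MaybeList): boolean {
  if (typeof email !== "string") return false;
  const needle = email.trim().toLowerCase();
  if (needle === "") return false;
  return normalizeSharedWith(sharedWith).indexOf(needle) !== -1;
}

// The pre-fix behaviour described in the PR: exact-match lookup.
function caseSensitiveCheck(email: string, sharedWith: string[]): boolean {
  return sharedWith.includes(email);
}

// Constructed sample row, as it might look if stored without normalization.
const storedSharedWith = ["Alice@Example.com", "bob@example.com", "", "BOB@example.com"];

function demo() {
  return {
    before: caseSensitiveCheck("alice@example.com", storedSharedWith), // denied
    after: emailInSharedWith("alice@example.com", storedSharedWith),   // allowed
    normalized: normalizeSharedWith(storedSharedWith),
    missingEmail: emailInSharedWith(undefined, storedSharedWith),
  };
}

console.log(demo());
```

The same normalized form has to be used on every path that reads or writes shared_with (the list query filter, the single-project access check, POST and PATCH); a single path that compares raw values reintroduces the mismatch.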

Our analysis

Normalize shared_with email casing across project access
